Operation PowerOFF: 75K Users of DDoS-for-Hire Services Identified and Warned

Summary

Law enforcement from 21 countries completed a major coordinated operation against DDoS-for-hire services, identifying and warning 75,000 users of illegal booter/stresser platforms. The operation resulted in 4 arrests and the seizure of 53 domains, with authorities discovering details on over 3 million criminal user accounts. To deter participation, police sent warning letters and deployed Google ads targeting searches for these services, while also tracking cryptocurrency payments to identify users.

Full text

Cyber Crime SecurityOperation PowerOFF: 75K Users of DDoS-for-Hire Services Identified and Warned Operation PowerOFF identifies and warns 75K users of DDoS-for-hire services, nets 4 arrests, and seizes 53 domains in a Europol-led crackdown. byDeeba AhmedApril 18, 20262 minute read Law enforcement teams have completed an intense week of action against illegal DDoS-for-hire services as part of the long-running Operation PowerOFF. This joint operation comprises teams from 21 countries and targets services that facilitate Distributed Denial-of-Service (DDoS) attacks. According to Europol, the latest crackdown happened on 13 April 2026, in which officials tracked down the people actually paying for these attacks. The sites offering DDoS-for-hire services are also called “booters” or “stressers” because they allow anyone, even people who know almost nothing about computers, to launch a DDoS for a tiny fee. This recent operation led to four arrests and the seizure of 53 web domains used by hackers. “DDoS-for-hire is one of the most prolific and easily accessible trends in cybercrime, enabling individuals with little technical knowledge to follow step-by-step tutorials to execute criminal attacks. These attacks inflict significant harm on businesses and individuals across the globe by targeting servers, websites, or online services and making them inaccessible to legitimate users,” Europol explained in the press release. Image via Europol Millions of Accounts Found in Databases This effort relied heavily on Europol, which helped sift through mountains of seized data. The investigation showed that authorities found details on over 3 million criminal user accounts. However, apart from making arrests, the police are also trying to stop the problem before it starts. They sent out over 75,000 warning letters and emails to people who were caught using these services. The idea is to warn young people and hobbyists that what they are doing is a serious crime. Officials are even running ads on Google so that when someone tries to find these services, they see a message from the law instead. They are even tracking payments through the blockchain to send warnings to those trying to pay with crypto. https://operation-poweroff.com/assets/video.mp4 Video shared by Europol on the official website dedicated to Operation PowerOff. A Long Fight Operation PowerOFF isn’t new; it has been hunting for these groups for years, and Hackread.com has been covering its every achievement over the years. In 2018, authorities successfully shut down Webstresser.org, a site with 136,000 users that had launched 4 million attacks. This was followed by the seizing of sites like IPStresser.com in 2022 and over a dozen domains hosting DDoS for-hire services in 2023 by the US Department of Justice (DoJ). The pressure continued in 2024, leading to law enforcement from 15 countries shutting down 27 more websites, including zdstresser.net and orbitalstress.net. During that time, three people were arrested in France and Germany. Then, in May 2025, Polish police joined the operation and arrested four people for running platforms like Cfxapi, where an attack cost as little as €10. More recently, in March 2026, agencies stopped four major botnet networks, including Aisuru, KimWolf, JackSkid, and Mossad, that hackers used to flood websites with traffic. Nevertheless, by seizing the servers and databases that cyber criminals rely on, authorities cannot fully stop DDoS attacks, but they aim to make it far more difficult to knock business or government sites offline. Deeba Ahmed Deeba is a veteran cybersecurity reporter at Hackread.com with over a decade of experience covering cybercrime, vulnerabilities, and security events. Her expertise and in-depth analysis make her a key contributor to the platform’s trusted coverage. View Posts Cyber AttackCyber CrimeCybersecurityDDOSEuropolOperation PowerOFF Leave a Reply Cancel reply View Comments (0) Related Posts Privacy Security Surveillance ‘Snowden Phone’ by FreedomPop vows to encrypt your calls and data US Consumers looking for a wireless steal can now get encrypted free monthly phone service thanks to FreedomPop,… byWaqas Read More Security What is Stakeholder-Specific Vulnerability Categorization? It’s a decision tree that’s all about you (and your company). That’s a bit of an oversimplification, but… byWaqas Read More Cyber Crime US Man Jailed After FBI Traced 1,100 IP Addresses in Cyberstalking Case A 25-year-old Bigfork, Montana man, Jeremiah Daniel Starr, used over 50 phone numbers and a VPN to harass a victim he called his "best friend," even staging a fake shooting. Learn more about the FBI investigation that traced 1,100 IP addresses to bring him to justice. byDeeba Ahmed Surveillance NSA Privacy Security Technology One out of Two American Adults Part of the FBI’s Facial Recognition Database The Federal Bureau of Investigation (FBI) and other security agencies are keeping Facial Recognition records of 117 million Americans… byWaqas

Indicators of Compromise

• domain — webstresser.org
• domain — ipstresser.com
• domain — zdstresser.net
• domain — orbitalstress.net

Entities